[Closed] Lack permissions to run and uninstall antivirus software
oldman960
post Sep 18 2009, 08:48 PM
Post #16


SuperHelper

Group: Classroom Teacher
Posts: 5,767
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro



Hi Faolin,

The red circle may be a result of Kaspersky still being installed. When you hover the mouse over the "a" icon, how many providers are shown as total and running?

Try the steps Here to uninstall Kaspersky



Locate combofix.exe on your desktop, right click it and select delete.

Download a new copy from one of these locations and save it to your desktop. Do not run it yet; we will run it differently this time.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE


CODE
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back with
  • combofix log
  • MBAM log
  • Kaspersky and Avast situation
Any other problems?

Thanks

Faolin
post Sep 20 2009, 06:27 PM
Post #17


New Member

Group: Authentic Member
Posts: 10
Joined: 13-September 09
Member No.: 87,901
Operating System: Windows XP Professional
Mac OSX 10.3.9



ComboFix 09-09-18.02 - Administrator 09/18/2009 23:36.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.844 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090913-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
/wow section - STAGE 7
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-14 02:46 . 2009-09-14 02:46 -------- d-----w- c:\program files\ERUNT
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-14 01:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-14 01:08 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-14 01:05 . 2009-09-14 01:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 23:59 . 2009-09-13 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 23:59 . 2009-09-17 16:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 23:59 . 2009-09-13 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-13 23:47 . 2009-09-13 23:47 -------- d-----w- c:\program files\Trend Micro
2009-09-13 22:44 . 2009-09-13 22:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-13 20:22 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-13 20:22 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-13 20:22 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-13 20:22 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-13 20:22 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-13 20:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-13 20:22 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-13 20:22 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-13 20:21 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-13 18:35 . 2009-09-13 18:35 -------- d-----w- c:\program files\VS Revo Group
2009-09-13 16:57 . 2009-09-13 16:57 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-12 16:26 . 2009-09-16 20:40 -------- d--h--w- c:\windows\PIF
2009-09-12 15:43 . 2009-09-13 17:02 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-12 15:43 . 2009-09-13 17:02 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-10 05:25 . 2009-09-10 05:25 -------- d-----w- c:\program files\iPod
2009-09-10 05:25 . 2009-09-10 05:26 -------- d-----w- c:\program files\iTunes
2009-09-10 05:25 . 2009-09-10 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 05:23 . 2009-09-10 05:23 -------- d-----w- c:\program files\QuickTime
2009-09-10 02:35 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 06:40 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-08 06:40 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-09-08 06:40 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-08 06:40 . 2009-09-08 06:40 -------- d-----w- c:\program files\Alwil Software
2009-09-07 21:18 . 2009-08-19 07:36 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-09-07 21:18 . 2009-06-19 23:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-07 21:18 . 2009-06-19 23:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-09-06 19:34 . 2009-09-06 19:34 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-09-03 15:40 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-03 15:40 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-02 22:11 . 2009-09-16 20:24 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Microsoft
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Windows Live
2009-09-02 22:03 . 2009-09-02 22:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-01 03:19 . 2009-09-01 03:19 -------- d-----w- c:\windows\ShellNew
2009-09-01 03:18 . 2009-09-01 03:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Web Folders
2009-09-01 00:27 . 2009-09-01 00:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-08-30 19:28 . 2009-08-30 19:28 -------- d-----w- c:\windows\system32\LogFiles
2009-08-30 17:44 . 2009-08-30 18:10 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-08-30 17:42 . 2003-04-09 14:29 101099 ----a-w- c:\windows\system32\drivers\bkusbxp.sys
2009-08-30 17:42 . 2002-08-27 19:40 462848 ----a-w- c:\windows\system32\monitorbk.exe
2009-08-30 17:42 . 2002-08-10 03:01 73728 ----a-w- c:\windows\system32\install.dll
2009-08-30 17:42 . 2002-05-23 22:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2009-08-30 17:42 . 2000-10-15 21:38 16068 ----a-w- c:\windows\system32\pcandis5.sys
2009-08-30 17:42 . 2000-10-15 21:22 61440 ----a-w- c:\windows\system32\w32n50.dll
2009-08-30 17:42 . 2009-08-30 17:42 -------- d-----w- c:\program files\Belkin
2009-08-30 17:41 . 2009-08-30 17:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-08-30 17:41 . 2009-08-30 17:41 -------- d-----w- C:\Belkin
2009-08-30 17:39 . 2009-09-01 07:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-08-30 15:39 . 2009-08-30 15:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2009-08-29 23:15 . 2009-08-29 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-29 23:15 . 2009-08-29 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nuance
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\program files\Common Files\Nuance
2009-08-29 23:05 . 2009-08-29 23:05 -------- d-----w- c:\program files\Nuance
2009-08-29 23:05 . 2009-08-29 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-08-29 23:05 . 2009-08-29 23:15 -------- d-----w- c:\windows\speech
2009-08-29 23:01 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-29 23:01 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-28 10:16 . 2009-08-28 10:29 -------- d-----w- c:\program files\FLAC
2009-08-27 04:15 . 1997-12-17 22:33 304128 ----a-w- c:\windows\IsUninst.exe
2009-08-27 04:15 . 2009-08-27 04:15 -------- d-----w- c:\documents and settings\Administrator\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 03:39 . 2009-08-01 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-09-18 10:55 . 2009-08-16 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-16 20:24 . 2009-08-01 18:48 -------- d-----w- c:\program files\DNA
2009-09-16 05:04 . 2009-08-14 17:36 -------- d-----w- c:\program files\LogMeIn
2009-09-14 20:34 . 2009-08-05 03:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-14 00:31 . 2009-08-01 21:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-13 22:43 . 2009-08-14 17:37 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-13 22:43 . 2009-08-14 17:37 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-13 22:43 . 2008-10-17 00:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-13 22:43 . 2008-10-17 00:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-13 22:43 . 2009-08-14 17:36 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-12 18:19 . 2009-08-16 23:48 10854 ----a-w- c:\windows\gloria.dat
2009-09-10 05:25 . 2009-08-16 21:24 -------- d-----w- c:\program files\Common Files\Apple
2009-09-02 22:11 . 2009-07-17 12:35 16880 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 17:57 . 2009-08-16 23:54 -------- d-----w- c:\program files\Yahoo!
2009-08-30 17:42 . 2009-03-19 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 23:06 . 2009-03-19 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-19 03:45 . 2009-08-19 03:45 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-08-19 03:45 . 2009-08-19 03:45 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-08-18 03:02 . 2009-08-17 02:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-08-18 03:00 . 2009-08-18 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-08-17 02:07 . 2009-08-17 02:06 -------- d-----w- c:\program files\MagicDisc
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-17 02:01 . 2009-08-17 02:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-17 01:56 . 2009-08-17 01:56 -------- d-----w- c:\program files\MagicISO
2009-08-16 21:27 . 2009-08-16 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-16 21:26 . 2009-08-16 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-16 21:25 . 2009-08-16 21:25 -------- d-----w- c:\program files\Apple Software Update
2009-08-16 21:24 . 2009-08-16 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-14 18:09 . 2009-08-14 18:09 -------- d-----w- c:\program files\Creative
2009-08-14 17:37 . 2009-08-14 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-08-12 17:24 . 2009-08-11 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-12 17:24 . 2009-08-11 16:01 -------- d-----w- c:\program files\NOS
2009-08-11 03:06 . 2009-08-11 03:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 20:01 . 2009-08-05 20:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreCodec
2009-08-05 20:00 . 2009-08-05 20:00 -------- d-----w- c:\program files\Haali
2009-08-05 20:00 . 2009-08-05 20:00 -------- d-----w- c:\program files\CoreCodec
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:54 . 2009-08-05 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2009-08-05 03:52 . 2009-08-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-08-05 03:49 . 2009-08-05 03:49 -------- d-----w- c:\program files\TortoiseSVN
2009-08-05 03:49 . 2009-08-05 03:49 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-05 03:23 . 2009-08-05 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback
2009-08-05 03:23 . 2009-08-05 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2009-08-05 02:38 . 2009-08-05 02:38 -------- d-----w- c:\program files\Essentials Codec Pack
2009-08-04 21:58 . 2009-03-19 21:36 -------- d-----w- c:\program files\Altiris
2009-08-04 21:50 . 2009-08-04 21:50 -------- d-----w- c:\program files\MSBuild
2009-08-04 21:50 . 2009-08-04 21:50 -------- d-----w- c:\program files\Reference Assemblies
2009-08-04 21:48 . 2009-08-04 21:48 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 02:21 . 2009-08-04 02:21 -------- d-----w- c:\program files\CCleaner
2009-08-03 22:17 . 2009-08-03 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterVideo
2009-08-03 12:23 . 2009-08-03 12:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-03 12:23 . 2009-08-03 12:23 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM
2009-08-01 22:08 . 2009-08-01 22:08 -------- d-----w- c:\program files\Common Files\DirectX
2009-08-01 21:19 . 2009-08-01 21:19 -------- d-----w- c:\program files\uTorrent
2009-08-01 18:43 . 2009-08-01 18:43 0 ----a-w- c:\windows\nsreg.dat
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 19:48 . 2009-07-03 19:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 19:45 . 2009-07-03 19:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-26 16:50 . 2004-08-04 12:00 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-09-14_02.29.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-14 03:38 . 2009-09-14 03:38 24576 c:\windows\ERDNT\9-13-2009\Users\00000002\UsrClass.dat
+ 2009-09-14 03:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\9-13-2009\ERDNT.EXE
+ 2009-09-14 03:38 . 2009-09-14 03:38 2531328 c:\windows\ERDNT\9-13-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-01 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-16 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-13 22:43 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 4:22 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2009 4:22 PM 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/14/2009 1:37 PM 47640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\bkusbxp.sys [8/30/2009 1:42 PM 101099]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1easy9a4.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 23:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-790525478-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,72,a9,ef,58,67,61,3e,8f,68,9f,c7,4b,9c,58,f9,8a,6d,bb,de,99,69,82,
21,19,63,de,27,80,6f,76,8f,58,82,8b,66,16,74,85,38,f8,23,f8,02,45,4e,a0,e5,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1972)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-09-19 23:42
ComboFix-quarantined-files.txt 2009-09-19 03:42

Pre-Run: 20,563,255,296 bytes free
Post-Run: 20,546,539,520 bytes free

346 --- E O F --- 2009-09-16 11:23

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 3

9/20/2009 8:27:36 PM
mbam-log-2009-09-20 (20-27-36).txt

Scan type: Quick Scan
Objects scanned: 93984
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
oldman960
post Sep 20 2009, 06:59 PM
Post #18
SuperHelper
Group: Classroom Teacher
Posts: 5,767
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro

Hi Faolin,

QUOTE
The red circle may be a results of Kaspersky still installed. When you hover the mouse over the "a" icon, how many providers are shown as total and running?
Please answer. This log shows both Avast and Kaspersky as enabled and updated.

Did you try uninstalling Kaspersky with the instructions posted earlier?

One file to replace.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE


CODE
FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\system32\eventlog.dll

SkipFix::


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Please post back with the ComboFix log.

Let us know how you make out with uninstalling Kaspersky.

Thanks
Faolin
post Sep 21 2009, 04:50 AM
Post #19
New Member
Group: Authentic Member
Posts: 10
Joined: 13-September 09
Member No.: 87,901
Operating System: Windows XP Professional, Mac OSX 10.3.9

Kaspersky is uninstalled, so remnants might remain. Should I reinstall and then uninstall to be sure? Avast reads 0 provider(s) total, 0 running.

ComboFix 09-09-20.01 - Administrator 09/21/2009 6:43.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.835 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090913-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-21 10:43 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-09-21 10:43 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-09-14 02:46 . 2009-09-14 02:46 -------- d-----w- c:\program files\ERUNT
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-14 01:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 01:08 . 2009-09-14 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-14 01:08 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-14 01:05 . 2009-09-14 01:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 23:59 . 2009-09-13 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 23:59 . 2009-09-17 16:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 23:59 . 2009-09-13 23:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-13 23:47 . 2009-09-13 23:47 -------- d-----w- c:\program files\Trend Micro
2009-09-13 22:44 . 2009-09-13 22:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-13 20:22 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-13 20:22 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-13 20:22 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-13 20:22 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-13 20:22 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-13 20:22 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-13 20:22 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-13 20:22 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-13 20:21 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-13 18:35 . 2009-09-13 18:35 -------- d-----w- c:\program files\VS Revo Group
2009-09-13 16:57 . 2009-09-13 16:57 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-12 16:26 . 2009-09-16 20:40 -------- d--h--w- c:\windows\PIF
2009-09-12 15:43 . 2009-09-13 17:02 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-12 15:43 . 2009-09-13 17:02 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-10 05:25 . 2009-09-10 05:25 -------- d-----w- c:\program files\iPod
2009-09-10 05:25 . 2009-09-10 05:26 -------- d-----w- c:\program files\iTunes
2009-09-10 05:25 . 2009-09-10 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 05:23 . 2009-09-10 05:23 -------- d-----w- c:\program files\QuickTime
2009-09-10 02:35 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 06:40 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-09-08 06:40 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-09-08 06:40 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-09-08 06:40 . 2009-09-08 06:40 -------- d-----w- c:\program files\Alwil Software
2009-09-07 21:18 . 2009-08-19 07:36 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-09-07 21:18 . 2009-06-19 23:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-09-07 21:18 . 2009-06-19 23:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-09-07 21:18 . 2009-06-19 23:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-09-06 19:34 . 2009-09-06 19:34 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-09-03 15:40 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-03 15:40 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-02 22:11 . 2009-09-16 20:24 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Microsoft
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 22:09 . 2009-09-02 22:09 -------- d-----w- c:\program files\Windows Live
2009-09-02 22:03 . 2009-09-02 22:03 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-01 03:19 . 2009-09-01 03:19 -------- d-----w- c:\windows\ShellNew
2009-09-01 03:18 . 2009-09-01 03:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Web Folders
2009-09-01 00:27 . 2009-09-01 00:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-08-30 19:28 . 2009-08-30 19:28 -------- d-----w- c:\windows\system32\LogFiles
2009-08-30 17:44 . 2009-08-30 18:10 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-08-30 17:42 . 2003-04-09 14:29 101099 ----a-w- c:\windows\system32\drivers\bkusbxp.sys
2009-08-30 17:42 . 2002-08-27 19:40 462848 ----a-w- c:\windows\system32\monitorbk.exe
2009-08-30 17:42 . 2002-08-10 03:01 73728 ----a-w- c:\windows\system32\install.dll
2009-08-30 17:42 . 2002-05-23 22:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe
2009-08-30 17:42 . 2000-10-15 21:38 16068 ----a-w- c:\windows\system32\pcandis5.sys
2009-08-30 17:42 . 2000-10-15 21:22 61440 ----a-w- c:\windows\system32\w32n50.dll
2009-08-30 17:42 . 2009-08-30 17:42 -------- d-----w- c:\program files\Belkin
2009-08-30 17:41 . 2009-08-30 17:41 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-08-30 17:41 . 2009-08-30 17:41 -------- d-----w- C:\Belkin
2009-08-30 17:39 . 2009-09-01 07:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-08-30 15:39 . 2009-08-30 15:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft
2009-08-29 23:15 . 2009-08-29 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-08-29 23:15 . 2009-08-29 23:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nuance
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-08-29 23:06 . 2009-08-29 23:06 -------- d-----w- c:\program files\Common Files\Nuance
2009-08-29 23:05 . 2009-08-29 23:05 -------- d-----w- c:\program files\Nuance
2009-08-29 23:05 . 2009-08-29 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-08-29 23:05 . 2009-08-29 23:15 -------- d-----w- c:\windows\speech
2009-08-29 23:01 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-29 23:01 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-28 10:16 . 2009-08-28 10:29 -------- d-----w- c:\program files\FLAC
2009-08-27 04:15 . 1997-12-17 22:33 304128 ----a-w- c:\windows\IsUninst.exe
2009-08-27 04:15 . 2009-08-27 04:15 -------- d-----w- c:\documents and settings\Administrator\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 10:35 . 2009-08-01 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2009-09-18 10:55 . 2009-08-16 21:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-09-16 20:24 . 2009-08-01 18:48 -------- d-----w- c:\program files\DNA
2009-09-16 05:04 . 2009-08-14 17:36 -------- d-----w- c:\program files\LogMeIn
2009-09-14 20:34 . 2009-08-05 03:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-14 00:31 . 2009-08-01 21:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-13 22:43 . 2009-08-14 17:37 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-13 22:43 . 2009-08-14 17:37 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-13 22:43 . 2008-10-17 00:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-13 22:43 . 2008-10-17 00:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-13 22:43 . 2009-08-14 17:36 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-12 18:19 . 2009-08-16 23:48 10854 ----a-w- c:\windows\gloria.dat
2009-09-10 05:25 . 2009-08-16 21:24 -------- d-----w- c:\program files\Common Files\Apple
2009-09-02 22:11 . 2009-07-17 12:35 16880 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 17:57 . 2009-08-16 23:54 -------- d-----w- c:\program files\Yahoo!
2009-08-30 17:42 . 2009-03-19 21:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 23:06 . 2009-03-19 21:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-19 03:45 . 2009-08-19 03:45 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-08-19 03:45 . 2009-08-19 03:45 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-08-18 03:02 . 2009-08-17 02:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-08-18 03:00 . 2009-08-18 03:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2009-08-17 02:07 . 2009-08-17 02:06 -------- d-----w- c:\program files\MagicDisc
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-17 02:05 . 2009-08-17 02:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-17 02:01 . 2009-08-17 02:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-17 01:56 . 2009-08-17 01:56 -------- d-----w- c:\program files\MagicISO
2009-08-16 21:27 . 2009-08-16 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-16 21:26 . 2009-08-16 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-16 21:25 . 2009-08-16 21:25 -------- d-----w- c:\program files\Apple Software Update
2009-08-16 21:24 . 2009-08-16 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-14 18:09 . 2009-08-14 18:09 -------- d-----w- c:\program files\Creative
2009-08-14 17:37 . 2009-08-14 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-08-12 17:24 . 2009-08-11 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-12 17:24 . 2009-08-11 16:01 -------- d-----w- c:\program files\NOS
2009-08-11 03:06 . 2009-08-11 03:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-05 20:01 . 2009-08-05 20:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\CoreCodec
2009-08-05 20:00 . 2009-08-05 20:00 -------- d-----w- c:\program files\Haali
2009-08-05 20:00 . 2009-08-05 20:00 -------- d-----w- c:\program files\CoreCodec
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:54 . 2009-08-05 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\TortoiseSVN
2009-08-05 03:52 . 2009-08-05 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2009-08-05 03:49 . 2009-08-05 03:49 -------- d-----w- c:\program files\TortoiseSVN
2009-08-05 03:49 . 2009-08-05 03:49 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-05 03:23 . 2009-08-05 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback
2009-08-05 03:23 . 2009-08-05 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2009-08-05 02:38 . 2009-08-05 02:38 -------- d-----w- c:\program files\Essentials Codec Pack
2009-08-04 21:58 . 2009-03-19 21:36 -------- d-----w- c:\program files\Altiris
2009-08-04 21:50 . 2009-08-04 21:50 -------- d-----w- c:\program files\MSBuild
2009-08-04 21:50 . 2009-08-04 21:50 -------- d-----w- c:\program files\Reference Assemblies
2009-08-04 21:48 . 2009-08-04 21:48 -------- d-----w- c:\program files\MSXML 6.0
2009-08-04 02:21 . 2009-08-04 02:21 -------- d-----w- c:\program files\CCleaner
2009-08-03 22:17 . 2009-08-03 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterVideo
2009-08-03 12:23 . 2009-08-03 12:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-03 12:23 . 2009-08-03 12:23 -------- d--h--r- c:\documents and settings\Administrator\Application Data\SecuROM
2009-08-01 22:08 . 2009-08-01 22:08 -------- d-----w- c:\program files\Common Files\DirectX
2009-08-01 21:19 . 2009-08-01 21:19 -------- d-----w- c:\program files\uTorrent
2009-08-01 18:43 . 2009-08-01 18:43 0 ----a-w- c:\windows\nsreg.dat
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 19:48 . 2009-07-03 19:48 219664 ----a-w- c:\windows\system32\klogon.dll
2009-07-03 19:45 . 2009-07-03 19:45 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-06-26 16:50 . 2004-08-04 12:00 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-14_02.29.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-14 03:38 . 2009-09-14 03:38 24576 c:\windows\ERDNT\9-13-2009\Users\00000002\UsrClass.dat
+ 2009-09-14 03:38 . 2005-10-20 16:02 163328 c:\windows\ERDNT\9-13-2009\ERDNT.EXE
+ 2009-09-14 03:38 . 2009-09-14 03:38 2531328 c:\windows\ERDNT\9-13-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 22:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-08-01 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-16 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-13 22:43 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 4:22 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2009 4:22 PM 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [8/14/2009 1:37 PM 47640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S3 Belkin Belkin 11Mbps Wireless USB Network Adapter®;Belkin Belkin 11Mbps Wireless USB Network Adapter® Service for Belkin 11Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\bkusbxp.sys [8/30/2009 1:42 PM 101099]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1easy9a4.default\
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 06:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-790525478-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4b,72,a9,ef,58,67,61,3e,8f,68,9f,c7,4b,9c,58,f9,8a,6d,bb,de,99,69,82,
21,19,63,de,27,80,6f,76,8f,58,82,8b,66,16,74,85,38,f8,23,f8,02,45,4e,a0,e5,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2572)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-09-21 6:46
ComboFix-quarantined-files.txt 2009-09-21 10:46
ComboFix2.txt 2009-09-19 03:42

Pre-Run: 20,505,985,024 bytes free
Post-Run: 20,482,134,016 bytes free

344 --- E O F --- 2009-09-16 11:23
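As an added example (it is not part of this thread, of ComboFix, or of the forum's own tools), here is a small Python script that reads the REGEDIT4-style "Reg Loading Points" section of a ComboFix log such as the one above and lists the entries that weaken the machine's protection: the Security Center override flag, per-product monitoring that has been disabled, the state of the firewall's standard profile, and the firewall exception list. The sample text inside the script is constructed to mirror the log's format; a real log would be read from a file instead. The companion `FirewallOverride` and `UpdatesOverride` names it also checks are sibling Security Center values that do not appear in this log.

```python
"""Audit Windows Security Center and firewall entries in a ComboFix log.

Added example for this thread, not part of ComboFix or the forum's own
tooling. It reads the REGEDIT4-style "Reg Loading Points" block that
ComboFix prints and lists settings that weaken the machine's protection:
Security Center overrides, disabled product monitoring, a disabled
firewall profile and firewall exceptions.
"""
import re

# Constructed sample modelled on the log posted in this thread. The `\\`
# inside the application names is how ComboFix prints a single backslash.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_reg_blocks(text):
    """Group value lines under their [key] header: {key: {name: raw_value}}."""
    blocks = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            blocks.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            blocks[current][value.group(1)] = value.group(2).strip()
    return blocks


def reg_int(raw):
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' form; None if not numeric."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit(text):
    """Return human-readable findings for protection-weakening settings."""
    findings = []
    for key, values in parse_reg_blocks(text).items():
        low = key.lower()
        if low.endswith("\\security center"):
            # Override flags silence Security Center's "no antivirus/firewall" alerts.
            for name in ("AntiVirusOverride", "FirewallOverride", "UpdatesOverride"):
                if reg_int(values.get(name, "0")) == 1:
                    findings.append(f"Security Center alert suppressed: {name}=1")
        elif "\\security center\\monitoring\\" in low:
            product = key.rsplit("\\", 1)[1]
            if reg_int(values.get("DisableMonitoring", "0")) == 1:
                findings.append(f"Security Center monitoring disabled for {product}")
        elif low.endswith("\\firewallpolicy\\standardprofile"):
            if reg_int(values.get("EnableFirewall", "1")) == 0:
                findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
        elif low.endswith("\\authorizedapplications\\list"):
            for app in values:
                # Collapse the doubled backslashes ComboFix prints for these names.
                findings.append(f"Firewall exception: {app.replace(chr(92) * 2, chr(92))}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the suppressed antivirus alert, the disabled Kaspersky monitoring entry, the disabled firewall profile and the two firewall exceptions; pointing `audit` at the text of a real ComboFix log gives the same list for that machine.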
oldman960
post Sep 21 2009, 06:42 PM
Post #20
SuperHelper
Group: Classroom Teacher
Posts: 5,767
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro

Hi Faolin,

Yes, try reinstalling and then uninstalling Kaspersky.

Uninstall avast before reinstalling Kaspersky, then reinstall it after you uninstall Kaspersky.

Download a new copy of avast from HERE and save it to a convenient location.

If avast won't uninstall, you can use the uninstaller from here.

Post a new DDS log when you are finished.

Thanks
oldman960
post Sep 24 2009, 11:55 PM
Post #21
SuperHelper
Group: Classroom Teacher
Posts: 5,767
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro

Hi Faolin,

You still with us?

Thanks
oldman960
post Sep 27 2009, 03:02 AM
Post #22
SuperHelper
Group: Classroom Teacher
Posts: 5,767
Joined: 27-April 08
Member No.: 78,707
Operating System: win98se, XP pro

Due to inactivity this topic will be closed.
If you need help please start a new thread.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy